=== Freshports: SQL Injection Attack and Help Request

Links: +
link:https://freshports..org[FreshPorts] URL: link:freshports.org[] +
link:https://news.freshports.org/[FreshPorts blog] URL: link:https://news.freshports.org/[]

Contact: Dan Langille <dvl@FreeBSD.org>

FreshPorts and FreshSource have reported upon FreeBSD commits for 20 years.
They cover all commits, not just ports.

FreshPorts tracks the commits and extracts data from the port Makefiles to create a database of information useful to both port maintainers and port users.

For example, link:https://www.freshports.org/security/acme.sh/[] shows the history of the package:security/acme.sh[] port, back to its creation in May 2017.
Also available are dependencies, flavors, configuration options, and available packages.
All of this is useful for both users and developers of ports.

==== SQL Injection Attack

In March, an SQL injection attack was noticed and the website was patched.
Notices were sent out via our Twitter account, our status page, and a notice on the top of each page of the website.
The immediate attack vector was shutdown and soon patched.
Additional preventative patches were added across the website.
Everything we know about has been fixed.
Users were notified and advised to change their passwords.

Details at:

* link:https://news.freshports.org/2023/03/24/sql-inejection-issues-fixed/[]
* link:https://news.freshports.org/2023/03/24/freshsource-code-fixes/[]

==== Help Needed

It has been over 22 years since FreshPorts started.
Others must take over eventually.
I’d like to start that process now.
There are several aspects to FreshPorts:

* FreeBSD admin (updating the OS and packages)
* front end code (website - mostly PHP)
* back end code (commit processing - Perl, Python, shell)
* database design (PostgreSQL).

The database does not change very often and requires little maintenance compared to the applications and OS.
The website pretty much runs itself.
From time to time, a change to the FreeBSD ports infrastructure breaks something or requires a modification, but there is rarely any urgency to fix that.
This is not a huge time commitment.
There is a lot of learning.
While not a complex application, FreshPorts is also not trivial.
